Any chance of including scans for scripted queries?:
q = new Query(datasource=mydatasource);
"select col1, col2, #col3#
where fee = :qpFa
and foo = :qpLa
and fum = '#so#'"
q.addParam(name="qpFa", value="#val1#", cfsqltype="cf_sql_varchar");
q.addParam(name="qpLa", value="#val2#", cfsqltype="cf_sql_varchar");
Not a big one - this isn't a simple thing to add.
The current scanner relies on two things that script queries can't guarantee:
Neither of these is the case with the script syntax, and even a rudimentary implementation would require a significant amount of work.
Since I don't work with scripted queries myself, there's no incentive for me to spend that amount of time on something I wouldn't use.
Of course, if anyone wants to have a go and send in a pull request that'd be fine, or if anyone wanted to sponsor the development, that's also an option, but both of those would need to come with a big disclaimer that the functionality would be limited, and probably wouldn't cope with, for example:
sql = "select stuff ...";
if (something) sql &= "...";
q.setSQL( sql );
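An added illustration, not part of the thread and not the project's own code: a Python sketch of the kind of rudimentary script-query check discussed above, which reports `#...#` interpolation inside SQL-looking string literals and marks `setSQL()` calls that receive a variable as needing manual review. The function name, the regexes and the sample input are assumptions constructed for this example; comments in the scanned source and SQL fragments that do not begin with a SQL keyword are not handled.

```python
import re

# CFML string literal, double or single quoted; a doubled quote is an escape.
STRING = re.compile(r'"((?:[^"]|"")*)"|\'((?:[^\']|\'\')*)\'')
HASH_EXPR = re.compile(r"#([^#\r\n]+)#")  # #expr# interpolation
SQL_START = re.compile(r"\s*(select|insert|update|delete|merge|with)\b", re.I)
SET_SQL_VAR = re.compile(r"\.setSQL\(\s*([A-Za-z_][\w.]*)\s*\)", re.I)


def scan_script_queries(source):
    """Return sorted (line, name, kind) findings for CFML script source."""
    findings = []
    line_of = lambda pos: source.count("\n", 0, pos) + 1
    for m in STRING.finditer(source):
        body, base = m.group(m.lastindex), m.start(m.lastindex)
        if not SQL_START.match(body):
            continue  # not recognisably SQL (also skips addParam values)
        # "##" is an escaped literal hash; blank it out, keeping offsets.
        for h in HASH_EXPR.finditer(body.replace("##", "  ")):
            findings.append((line_of(base + h.start()), h.group(1), "interpolated"))
    # SQL passed as a variable was assembled elsewhere; flag for manual review.
    for m in SET_SQL_VAR.finditer(source):
        findings.append((line_of(m.start()), m.group(1), "dynamic-sql"))
    return sorted(findings)


# Constructed sample modelled on the snippets in this thread (hypothetical table).
SAMPLE = '''q = new Query(datasource=mydatasource);
q.setSQL("select col1, col2, #col3#
from tbl
where fee = :qpFa
and fum = '#so#'");
q.addParam(name="qpFa", value="#val1#", cfsqltype="cf_sql_varchar");
sql = "select stuff from tbl where 1=1";
if (something) sql &= " and x = '#x#'";
q.setSQL( sql );
'''

if __name__ == "__main__":
    for line, name, kind in scan_script_queries(SAMPLE):
        print(f"line {line}: {kind}: {name}")
```

The `#x#` in the appended fragment on line 8 of the sample is not reported directly, because the fragment does not look like SQL on its own; only the `dynamic-sql` finding on the `setSQL( sql )` call points a reviewer at it.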